Method and System for Authenticating Online Reading of Digital Content
This application claims priority to Chinese Patent Application No. 201110409347.8, entitled "Method and System for Authenticating Online Reading of Digital Content", filed with the Chinese Patent Office on December 9, 2011, the entire contents of which are incorporated herein by reference.
Technical Field
The present invention relates to the field of computer information, and in particular to a method and system for authenticating online reading of digital content.
Background
With the rapid development of digital content, more and more people follow and read digital content, and reading has gradually shifted to online reading. Competition in online reading is also becoming increasingly fierce, and permission control is especially important for digital content so that its copyright can be protected.
The online reading functions currently offered by digital content products can all control the permissions on digital content and thereby protect copyright. In the prior art there are two implementations:
1. Autonomous control. This approach usually includes management of the digital content and maintains the permissions on the digital content itself. When a user requests online reading, it queries the permissions on the digital content and then provides the corresponding reading range.
2. Interface control. This approach is separate from the digital content and is not itself responsible for managing permissions; it only provides the online reading function. When a user requests online reading, it actively asks the permission management center for the user's permissions and, once it has the permission information, provides reading within the corresponding range.
In the course of implementing the present invention, the applicant found that the above technologies have at least the following technical problems:
Autonomous control has to manage all of the digital content, and the reading function is mixed with the functions of the business system. The function is not independent and cannot be offered externally as a general-purpose reading tool.
Interface control has to communicate frequently with the permission management center, which causes a performance bottleneck. In addition, when a third party integrates online reading, a corresponding interface has to be developed, which increases cost.
Summary of the Invention
The present invention provides a method and system for authenticating online reading of digital content, to solve the prior-art problems that in autonomous control the functions are mixed and cannot be independent, and that interface control requires frequent information exchange.
A method for authenticating online reading of digital content, comprising:
receiving a first request for online reading from a terminal, and acquiring first user information in the first request;
obtaining, according to a stored correspondence between permission information and user information, first permission information corresponding to the first user information, and generating a first permission model according to the first permission information, the first permission model containing the M function permissions owned by the user, where M is greater than or equal to 1;
obtaining, according to a stored correspondence between certificate information and permission models, first certificate information corresponding to the first permission model;
generating a second request containing the first permission model and the first certificate information;
authenticating the first certificate information contained in the second request and the M function permissions in the first permission model.
Preferably, the first permission model includes one function permission, or a combination of several function permissions, among a reading range permission, an online concurrency permission, a service time permission, a copy permission and a print permission, and each of these function permissions has a corresponding validity period.
Preferably, the first certificate information includes a unique certificate and a validity period corresponding to the certificate.
Preferably, authenticating the first certificate information contained in the second request and the M function permissions in the first permission model specifically includes:
acquiring, based on the second request, the first permission model and the first certificate information in the second request;
authenticating the first certificate information and, according to the authentication result of the first certificate information, authenticating the M function permissions in the first permission model;
providing to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
Preferably, authenticating the first certificate information specifically includes:
acquiring the validity period in the first certificate information;
comparing the validity period of the first certificate information with the current time; if the validity period of the certificate is later than the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected.
Preferably, parsing the first permission model specifically includes:
obtaining the M function permissions in the first permission model and the validity period corresponding to each function permission;
comparing the validity period of each of the M function permissions with the current time; if the validity periods of L of the M function permissions are later than the current time, providing the online reading content corresponding to those L function permissions to the terminal, where L is an integer greater than or equal to 0 and less than or equal to M.
A system for authenticating online reading of digital content, specifically comprising:
a service processing system, configured to receive a first request for online reading from a terminal and acquire first user information in the first request; to obtain, according to a stored correspondence between permission information and the user information, first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, the first permission model containing the M function permissions owned by the user, where M is greater than or equal to 1; to obtain, according to a stored correspondence between certificate information and permission models, first certificate information corresponding to the first permission model; and to generate a second request containing the first permission model and the first certificate information;
an online reading system, configured to receive the second request and to authenticate the first certificate information contained in the second request and the M function permissions in the first permission model.
Preferably, the online reading system specifically includes:
a receiving module, configured to receive the second request;
an acquiring module, configured to acquire the first permission model and the first certificate information in the second request;
a certificate authentication module, configured to authenticate the first certificate information;
a permission model authentication module, configured to authenticate the M function permissions in the permission model according to the authentication result of the first certificate information;
a content providing module, configured to provide to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
Preferably, the certificate authentication module includes:
a certificate validity time acquiring unit, configured to acquire the validity period in the first certificate information;
a certificate validity time authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication, otherwise the second request is rejected.
Preferably, the authentication of the M function permissions in the permission model by the permission model authentication module includes:
obtaining the M function permissions in the first permission model and the validity period corresponding to each function permission;
comparing the validity periods of L of the M function permissions with the current time.
The specific technical effects of one or more embodiments of the present invention are as follows:
A first request for online reading is received from a terminal and the first user information in the first request is acquired; first permission information corresponding to the first user information is obtained and a first permission model is generated from it; first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models; a second request containing the first permission model and the first certificate information is generated; and the first certificate information contained in the second request and the M function permissions in the first permission model are authenticated. This solves the system performance problem caused by frequent signal exchange between systems, simplifies the management of digital content, and also ensures the security of the digital content, curbs unauthorized hotlinking, and protects the copyright of the digital content well.
Brief Description of the Drawings
Figure 1 is a flowchart of a method for authenticating online reading of digital content according to the present invention;
Figure 2 is a schematic diagram of the definition of the first permission model according to the present invention;
Figure 3 is a flowchart of the online reading system authenticating the first permission model and the first certificate information in the second request according to the present invention;
Figure 4 shows a system for authenticating online reading of digital content according to the present invention;
Figure 5 is a schematic structural diagram of the online reading system according to the present invention.
Detailed Description
The present invention provides a method and system for authenticating online reading of digital content. When a user needs to read online, the user sends a request to the service processing system; the service processing system obtains the user information, generates the corresponding permission model and certificate, and sends them to the online reading system; and the online reading system provides all of the function permissions owned by the user according to the permission model and the certificate. This solves the system performance problem caused by frequent signal exchange between systems, simplifies the management of digital content, and also ensures the security of the digital content.
The technical solution of the present invention is described in detail below with reference to the drawings and specific embodiments.
Figure 1 is a flowchart of a method for authenticating online reading of digital content. The specific flow is as follows:
Step 101: receive a first request for online reading from a terminal, and acquire the first user information in the first request.
Step 102: according to the stored correspondence between permission information and user information, obtain the first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, the first permission model containing the M function permissions owned by the user, where M is greater than or equal to 1.
The correspondence between permission information and user information is stored in advance in the service processing system. After the service processing system obtains the first user information, it looks up the pre-stored correspondence and thereby obtains the first permission information corresponding to the first user information. The first permission information contains the function permissions owned by the user, which may be the definition of one or more function permissions.
After obtaining the first permission information, the service processing system generates the first permission model according to the definition of the one or more function permissions in the first permission information, so the first permission model contains the M function permissions owned by the user, where M is greater than or equal to 1.
The M function permissions may be one function permission, or a combination of several function permissions, among a reading range permission, an online concurrency permission, a service time permission, a copy permission and a print permission, and function permissions can be added or removed in the service processing system according to the user's needs.
In addition, to prevent any of the M function permissions from being used by the user indefinitely, each of the M function permissions has a corresponding validity period.
Step 103: according to the stored correspondence between certificate information and permission models, obtain the first certificate information corresponding to the first permission model.
The service processing system stores the correspondence between certificate information and permission models, so after the first permission model has been generated and obtained, the service processing system obtains a unique piece of first certificate information corresponding to the first permission model.
So that the user's certificate can be validly used only within a certain period of time, a validity period corresponding to the certificate is also obtained after the certificate in the first certificate information is obtained. This prevents the user from using the same certificate information indefinitely and also protects the copyright of the digital content well.
Step 104: generate a second request containing the first permission model and the first certificate information, and send the second request to the online reading system.
After steps 102 and 103, the service processing system has obtained the first permission information corresponding to the first user information and the first certificate information corresponding to the first permission information. The service processing system then adds the first permission model and the first certificate information to the URL (Uniform Resource Locator) parameters, generating the second request containing the first permission model and the first certificate information.
The first permission model is passed through URL parameters. The rule is that the first permission model is followed by the permission range, and this definition can be extended according to actual requirements. As shown in Figure 2, V denotes the reading permission, and the following 1-5, 15-30 indicates that the current user may view pages 1 to 5 and pages 15 to 30. Other permission definitions can be added according to actual needs.
Step 105: authenticate the first certificate information contained in the second request and the M function permissions in the first permission model.
After receiving the second request, the online reading system first authenticates the first certificate information in the second request and then, according to the authentication result of the first certificate information, authenticates the M function permissions in the first permission model.
Figure 3 is a flowchart of the online reading system authenticating the first permission model and the first certificate information in the second request, which specifically includes:
Step 301: based on the second request, acquire the first permission model and the first certificate information in the second request.
After receiving the second request, the online reading system obtains the first permission model in the second request and the validity periods corresponding to the M function permissions in the first permission model, and at the same time obtains the first certificate information and the validity period corresponding to the first certificate.
Step 302: authenticate the first certificate information and, according to the authentication result of the first certificate information, authenticate the M function permissions in the first permission model.
The online reading system first authenticates the first certificate information, which contains a unique certificate and a validity period corresponding to the certificate. The online reading system authenticates the legitimacy of the certificate. If the certificate is legitimate, its validity period is then authenticated; if the certificate is not legitimate, the second request is rejected.
If the user modifies the content of the permission model without authorization, certificate authentication fails as illegitimate and the second request is rejected.
After the legitimacy of the certificate has been authenticated, the validity period of the certificate is authenticated by comparing the validity period of the first certificate with the current time at which the user uses the certificate. If the validity period of the certificate is later than the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected.
After authentication passes, the online reading system authenticates the first permission model.
The online reading system obtains the M function permissions in the first permission model and the validity period corresponding to each of these M function permissions, obtains the current time at which the second request was received, and compares the validity period of each of the M function permissions with that current time.
Step 303: according to the authentication result of the M function permissions, provide to the terminal the online reading content corresponding to the function permissions that passed authentication.
If the validity periods of L of the M function permissions are later than the current time, the online reading content corresponding to those L function permissions is provided to the terminal, and the user can obtain the services corresponding to these L function permissions directly on the terminal, which avoids frequent requests and frequent information exchange. Here L is an integer greater than or equal to 0 and less than or equal to M.
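The flow of steps 101 to 105 and 301 to 303, as an added example that is not part of the patent text. The patent does not say how the certificate is bound to the permission model; this sketch assumes an HMAC-SHA256 over the model and the certificate expiry, computed with a key shared by the two systems. The parameter names `pm`, `exp` and `cert`, the `code:scope@expiry` encoding and the permission code `P` are likewise assumptions; only `V` and the page-range notation come from the text.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a key shared by the service processing system and the online
# reading system; the patent does not specify how the certificate is built.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def make_certificate(model: str, cert_expiry: int) -> str:
    """Bind the certificate to the exact permission model and its expiry."""
    msg = f"{model}|{cert_expiry}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def build_second_request(base_url, permissions, cert_ttl, now):
    """Service processing system (steps 102-104).

    permissions maps a permission code to (scope, expiry_epoch); the
    'code:scope@expiry' wire encoding is an assumption of this example.
    """
    model = ";".join(f"{code}:{scope}@{exp}"
                     for code, (scope, exp) in sorted(permissions.items()))
    cert_expiry = now + cert_ttl
    query = urlencode({"pm": model, "exp": cert_expiry,
                       "cert": make_certificate(model, cert_expiry)})
    return f"{base_url}?{query}"


def authenticate_second_request(url, now):
    """Online reading system (steps 301-303).

    Returns {code: scope} for the L permissions still valid, or None when
    the second request is rejected.
    """
    params = parse_qs(urlsplit(url).query)
    try:
        model = params["pm"][0]
        cert = params["cert"][0]
        cert_expiry = int(params["exp"][0])
    except (KeyError, ValueError):
        return None
    # Legitimacy: any edit to the model or expiry changes the expected MAC.
    expected = make_certificate(model, cert_expiry)
    if not hmac.compare_digest(cert.encode(), expected.encode()):
        return None
    # The certificate validity period must lie after the current time.
    if cert_expiry <= now:
        return None
    granted = {}
    for item in model.split(";"):
        head, _, exp = item.rpartition("@")
        code, _, scope = head.partition(":")
        if int(exp) > now:  # per-permission validity period
            granted[code] = scope
    return granted


def page_allowed(granted, page):
    """Check a page against the reading scope, e.g. 'V' -> '1-5,15-30'."""
    for part in filter(None, granted.get("V", "").split(",")):
        low, _, high = part.partition("-")
        if int(low) <= page <= int(high or low):
            return True
    return False


if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed timestamp
    url = build_second_request(
        "https://reader.example/book/42",  # constructed URL
        {"V": ("1-5,15-30", NOW + 3600), "P": ("", NOW - 10)},
        cert_ttl=600, now=NOW)
    print(url)
    print(authenticate_second_request(url, NOW))
```

Because the reader never calls back to the permission center, a URL of this kind can be replayed by anyone who sees it until the certificate's validity period ends, so that period should be kept short.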
Figure 4 shows a system for authenticating online reading of digital content, which specifically includes:
A service processing system 401, configured to receive a first request for online reading from a terminal and acquire the first user information in the first request; to obtain, according to the stored correspondence between permission information and the user information, the first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, the first permission model containing the M function permissions owned by the user, where M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request containing the first permission model and the first certificate information.
An online reading system 402, connected to the service processing system, configured to receive the second request and to authenticate the first certificate information contained in the second request and the M function permissions in the first permission model.
Figure 5 is a schematic structural diagram of the online reading system, which specifically includes:
a receiving module 501, configured to receive the second request;
an acquiring module 502, configured to acquire the first permission model and the first certificate information in the second request;
a certificate authentication module 503, configured to authenticate the first certificate information;
a permission model authentication module 504, configured to authenticate the M function permissions in the permission model according to the authentication result of the first certificate information;
a content providing module 505, configured to provide to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
Further, the certificate authentication module 503 also includes:
a certificate validity period acquiring unit, configured to acquire the validity period in the first certificate information;
a certificate validity period authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication, otherwise the second request is rejected.
Further, the authentication of the M function permissions in the permission model by the permission model module includes:
obtaining the M function permissions in the first permission model and the validity period corresponding to each function permission;
comparing the validity periods of L of the M function permissions with the current time.
The present invention provides a method for authenticating online reading of digital content: a first request for online reading is received from a terminal and the first user information in the first request is acquired; first permission information corresponding to the first user information is obtained and a first permission model is generated from it; first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models; a second request containing the first permission model and the first certificate information is generated; and the first certificate information contained in the second request and the M function permissions in the first permission model are authenticated. This solves the system performance problem caused by frequent signal exchange between systems, simplifies the management of digital content, and also ensures the security of the digital content, curbs unauthorized hotlinking, and protects the copyright of the digital content well.
the spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these modifications and variations.